COVIDSafe app scepticism

I doubt all those nasty people will religiously use the app and leave it powered up so that their meetings can be tracked.

I don’t see Scotty from Marketing trying to make the case you are bringing up as a hypothetical for the sake of the meagre return the authorities might get from such a change in legislation - if any.

1 Like

That’s not legislation, it is a Determination by the Minister that can just as easily be amended by the Minister.

Except that’s why we got metadata laws, and forced decryption laws. Save the kiddies, protect us all from the scary terrorists… because they’ll all use the platforms governments are able to spy on, right?

While I agree with you to some extent, when version 3.1 comes out and just works in the background without ever disturbing you how many people will bother to uninstall it?

1 Like

Stretching the hypothetical beyond recognition now. I began with the low chance of the legislation being altered to allow tracking for other purposes. What has that got to do with software management habits of the general phone user?

My point was two-fold:

  1. It isn’t legislation, and does not even need to be tabled in Parliament.
  2. People may notice the app running on their phones now, but once it’s been through a bit of tuning? It is well known that once an app makes its way onto a device most people do not bother to uninstall it. If the app isn’t constantly reminding the user of its presence, then it is unlikely to be uninstalled.

Thus you have - at least in theory - a large proportion of the population that has installed an app and since forgotten about it and who can be tracked by said app.

It is a legislative instrument authorised under an Act and is delegated legislation which the parliament has provided the powers to the executive government to prepare and legislate. While it isn’t an Act formed through a Bill of parliament, it is legislation and forms part of the Commonwealth’s enacted suite of legislation.

This website explains it more.

Some Acts allow the executive government to make legislation in times of emergency, when there is insufficient time to legislate in traditional ways.

So can most legislative regulation… in some circumstances the Act is a framework with detail in the subordinate legislation, such as regulations. This is used often by parliament to allow governments to make minor or administrative changes which don’t overly affect the intent of the legislation, without bogging down parliament with such matters.

Edit: While we may or may not agree with the processes associated with legislation legislated under delegation, it is something which is lawful and assented by parliament over the decades (possibly since the adoption of the Constitution).

1 Like

Yes, you are correct I misspoke; I should have said that it is not an Act of Parliament or a Regulation under an Act. It is a power delegated under the Act of Parliament, and the current Determination is set to sunset on 1 October… 2030.

The Determination is made under Section 477 of the parent Act, which makes clear that while this is a legislative instrument (hence its publication on the Federal Register of Legislation) it cannot be disallowed by Parliament. (This appears to be in common with a number of sections of the Act that provide for Determinations to be made but not disallowed.)

Anyway, enough of my paranoia for now, someone else should step up to the plate with their own wild imaginings.

2 Likes

The technical differences of the form of the instrument are not that important. If the cost in votes or general political capital is too high, access to the system will not be opened up to attempt to identify meetings of pedophiles and terrorists who are hardly likely to make themselves vulnerable to tracking.

From @postulative “Thus you have - at least in theory - a large proportion of the population that has installed an app and since forgotten about it and who can be tracked by said app.”

If access is never granted the number of people who carelessly leave it installed and running well after the need is over is irrelevant.

I have never said widespread tracking was impossible just unlikely.

Continually reinforcing the possibility of misuse of the system is not productive when you balance it against the good that will come if many adopt it during the pandemic. If you insist either that absolute security is required or that the balance is not in favour of using the app then we must agree to disagree.

3 Likes

Is your confidence rational? We already have effective contact tracing. If the app works as advertised, then it might enhance the effectiveness. There’s an if and a might in there that should be considered with the buts.

I think I should say upfront that I don’t trust the government and that that distrust has been richly earned over a long period of time.

Without quibbling over whether a Ministerial Determination is legislation …

Is the Determination valid? (not outside the scope laid down in the Act)

Is the Act itself valid? (not outside the scope laid down in the constitution)

Does it bind all the entities that it needs to? Cth? ASIO? States? AFP? state police forces?

Because no actual bill to amend or create an Act was ever introduced into parliament, or debated in parliament, there are questions outstanding.

It looks odd that the Health Minister is telling “you” that “you” can’t decrypt data that is stored on a phone and that this will “prevent or control the spread of a disease”.

As is stated above, the very fact that the Minister can pull this out of thin air without any debate also means that the Minister can vary or cancel this without any debate.

It is fragile, which is why it is reasonable to ask the government to follow up with proper legislation (a bill to amend or create an Act, if you prefer).

… until it becomes part of every Android and Apple phone (as has been mooted by Google and Apple - and as could be required by the government in accordance with legislation that has been passed by the parliament).

This doesn’t look like a minor or administrative change though! As you say above, it is being done this way because “it’s an emergency”. Whether that leads to a quality watertight Ministerial Determination remains to be seen.

2 Likes

No kidding - ‘odd’ is an understatement. Let’s not even address the term ‘can’t decrypt’ - some of the ‘specifications’ that have been rather lazily bandied about, together with the analogies with corporations/etc raise far more questions than they answer.

The release of source code, or not, or partial is also just part of a question - determining whether the source that has been vetted is identical to the source that was used to build the app can be problematic, but doable in the right scenario with the complete source and knowledge of the build environment in detail - without the complete source, well … either way, there are ‘other factors’ that can change runtime behaviour.

Has there been a complete and in-depth forensic analysis of the app? Do we know the functional spec to any certainty more than what politicians and journalists have tried to communicate? (Trying to measure distance using BLE makes for an interesting online search just for starters.)

… and it probably won’t be ‘the app’ then - at least not ‘the app’ that all the promises and reassurances were made in relation to :)

2 Likes

These are legal questions outside the scope of this forum. Notwithstanding this, I expect that the legislative determination, like other legislation (inc Bills), passed through the Australian Government Solicitor before being finalised. It is also likely that the opposition would have been privy to its development. It wouldn’t have been developed by the LNP party headquarters.

As determination legislation is common practice, I expect that the legal system would have been all over them in the past to validate their lawfulness.

Is it timely to point out that there are many instances of government, persons as well as agencies, that overstep their bounds, apologise, and life moves on for them?

While not germane to this topic per se, it is germane to any belief our governments and people who comprise them dutifully stay within the law.

Sometimes it is a difference of opinion, with a special aroma or not.

The bipartisan resistance for a federal ICAC (by whatever name) with powers to deal with improprieties, that does not give essentially a blanket exemption to pollies, is all one should need to be more than slightly suspicious of reassurances that government can be relied on to act in good faith.

4 Likes

Yes. More recently, the AFP was found not to have had a valid warrant to raid Annika Smethurst’s underwear drawer … but they were allowed to keep the results of the raid anyway and may yet use those results in a prosecution against her.

I wasn’t disputing the validity of Ministerial Determination in general but the validity of this particular part of the Act and this particular use of the Act.

We are in uncharted waters here. I don’t recall the use of an MD under this Act that is of such a general nature - and straying well beyond direct control of biosecurity (such as orders to seize and detain specific diseased individuals).

We know how that one goes though. Everybody gets a high-powered legal opinion that supports the point of view that suits them. The Health Minister might get the seal of approval - while a nefarious government agency would get a legal opinion that says the exact opposite - so that they can use COVID data for a few years until a) they even get caught doing it and b) they eventually lose in the High Court and c) they get to keep the evidence and the successful prosecutions that relied on illegally obtained evidence are upheld.

Has the Health Minister even released the AGS’s advice?

I know this is a silly game that politicians play i.e. refusing to release the advice, citing confidentiality - until forced to by a Senate enquiry.

3 Likes

Not even that.

3 Likes

The government should get serious.

If it’s so so important that as many people as possible install the app then the government should be bending over backwards to be transparent: full and complete release of source code, release of relevant legal opinions, …

5 Likes

A piece from last night’s ABC 7.30 on drone technology being touted as yet another COVID-19 solution.


I wonder how much of the software could be applied to our increasingly prevalent security cameras.

3 Likes

Qld is trialling digital drivers’ licences.

Too bad if you lose your phone or if it is stolen.

I always have my licence in my wallet and there would be more chance of me forgetting to take my phone than my wallet when I go out, or of losing my phone.

1 Like

It is possible that the digital licence doesn’t have any useful information which is visible to the user. It could contain an encrypted key (using existing tools such as a QR code) which can be used by say the police or anyone with necessary authorisations to check licence details. Each code would be unique to the particular licence holder.

If a phone is stolen, there are good apps which allow one to remotely erase/factory reset the phone if it is lost. This does however rely on the phone being locked with a passcode to gain access. Many people choose not to have one for convenience, but it allows someone to access the phone, delete the security/reset app and have unfettered control of the device.

2 Likes

I was not referring to someone else accessing the information but rather the inconvenience of losing the phone or having it stolen and having to get a replacement license.

I have seen phones left lying around in shops where people have put them down and forgotten them but I have not seen any wallets left lying around.

The phone does not need to be stolen for its access to be stolen in a SIM swap attack.

This makes digital licences a potentially very bad idea, although there are ways to base the digital licence on the phone hardware and thus prevent the scammers from accessing its rich opportunities for further fraud.

3 Likes